Schneider Electric Warns of Critical Modicon Flaws

Multiple Critical Vulnerabilities Expose Industrial Control Risks

French multinational Schneider Electric disclosed critical vulnerabilities in its Modicon M340, Momentum and MC80 programmable automation controllers, putting industries relying on these controllers at risk.

The vulnerabilities could allow unauthorized access, data manipulation and system interruptions, Schneider said in a security notification.

Modicon M340, Momentum and MC80 controllers are widely used across various industrial sectors, including manufacturing, energy and critical infrastructure. They enable precise control and monitoring of complex processes, helping companies automate workflows. The identified flaws could leave these systems susceptible to denial-of-service attacks and could be exploited for arbitrary code execution.

Schneider Electric issued the alert on Tuesday, urging affected users to apply firmware updates or implement network mitigations to safeguard systems.

Here are the vulnerabilities addressed:

  • CVE-2024-8936: This vulnerability is a result of improper input validation in the Modicon controllers. Attackers could exploit it through a man-in-the-middle attack, intercepting and modifying communications on the Modbus protocol to manipulate the controller's memory. A successful exploit could lead to unauthorized access to sensitive memory areas, compromising the confidentiality of data stored within the controller. This vulnerability has a CVSS score of 8.3.
  • CVE-2024-8937: This vulnerability is linked to improper memory buffer restrictions in the Modicon controllers. During a MITM attack, an attacker could send maliciously crafted Modbus function calls to the controller, targeting the memory buffer involved in the authentication process. This could allow attackers to execute arbitrary code on the device, potentially taking control of it. CVE-2024-8937 is classified as high-risk with a CVSS score of 9.2.
  • CVE-2024-8938: Similar to CVE-2024-8937, this vulnerability stems from inadequate memory buffer restrictions. Attackers can exploit this through a MITM attack by sending crafted Modbus commands that alter the memory areas responsible for computing the controller's memory size. This could lead to arbitrary code execution, allowing attackers to manipulate the controller's operations or cause system instability. It has a score of 9.2 on the CVSS scale.

The advisory details Schneider Electric's recommendations to mitigate risks, including applying firmware version SV3.65 for the Modicon M340 controllers and setting up network segmentation.

The company also suggests implementing firewalls and access control lists to restrict unauthorized access to the Modbus port. For the Momentum and MC80 controllers, Schneider is working on a remediation plan but advised immediate mitigation measures, such as using VPN connections and following user manual security guidelines.
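One way to check that an access control list actually restricts the Modbus port as recommended above, shown as an added example that is not part of Schneider Electric's advisory or the original article. It assumes the standard Modbus/TCP port 502; the ACL, the approved client list and the flow records are all constructed sample data.

```python
import ipaddress

MODBUS_TCP_PORT = 502  # standard Modbus/TCP port (assumption: controllers use the default)

# Constructed first-match ACL in front of the controller VLAN (assumed addressing).
ACL = [
    ("permit", "10.20.1.10/32", "10.20.5.0/24", 502),   # engineering workstation
    ("permit", "10.20.1.0/24",  "10.20.5.0/24", 502),   # too broad: whole ops subnet
    ("deny",   "0.0.0.0/0",     "10.20.5.0/24", None),  # None = any port
]

# Hosts that are actually supposed to speak Modbus to the controllers (assumed).
APPROVED_CLIENTS = ["10.20.1.10/32", "10.20.1.11/32"]

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.20.1.10", "10.20.5.21", 502),
    ("10.20.1.77", "10.20.5.21", 502),
    ("192.168.9.4", "10.20.5.21", 502),
    ("10.20.1.77", "10.20.5.21", 443),
]

def _in_any(addr, cidrs):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

def evaluate(acl, src, dst, port):
    """Return the action of the first matching rule; implicit deny otherwise."""
    for action, src_net, dst_net, rule_port in acl:
        if (_in_any(src, [src_net]) and _in_any(dst, [dst_net])
                and rule_port in (None, port)):
            return action
    return "deny"

def audit_modbus_flows(acl, flows, approved):
    """Classify Modbus flows: ok, acl_gap (permitted but unapproved), blocked."""
    report = {"ok": [], "acl_gap": [], "blocked": []}
    for src, dst, port in flows:
        if port != MODBUS_TCP_PORT:
            continue
        if evaluate(acl, src, dst, port) == "deny":
            report["blocked"].append(src)
        elif _in_any(src, approved):
            report["ok"].append(src)
        else:
            report["acl_gap"].append(src)
    return report

if __name__ == "__main__":
    for category, sources in audit_modbus_flows(ACL, FLOWS, APPROVED_CLIENTS).items():
        print(f"{category}: {sources}")
```

Entries under `acl_gap` are sources the ACL lets through to the Modbus port even though they are not approved clients, which is the condition the firewall and ACL recommendation is meant to eliminate.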


About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.



